News from PANUG - March 29, 2001

http://www.panug.org

THE LION VIRUS
by Ed Sawicki

A few people have written to PANUG with information
about the Lion virus. The headlines in the news stories
could easily give you the impression that there is a
security flaw in Linux but this is not the case. The Lion
virus exploits the security holes in BIND - NOT Linux.

The SANS institute refers to "Windows IIS servers and Linux
and Solaris boxes" when describing the targets of the virus.
This is apples and oranges terminology. It would be far
more accurate and correct to refer to "IIS and BIND servers"
as the targets. Alternatively, they could refer to "Windows,
Linux, and Solaris servers". Instead, they suggest that
only certain Windows machines are vulnerable but ALL Linux
and Solaris machines are vulnerable.

I would have expected the SANS institute to be either
smarter than this or more objective in their reporting.
It seems that objective and intelligent sources of news
are very rare these days.

The obvious short-term solution is to apply the IIS patches
that fix this particular security hole and to upgrade to
a version of BIND that does not have this problem. The
obvious long term solution to the problem is to quit using
this software. The obvious alternative to IIS is Apache,
which runs on Windows as well as Linux/Unix/NetWare. The
obvious alternative to BIND is Tinydns.

THE END - http://www.shibumi.org/eoti.htm